none
CDN Managed Certificate taking more than a day to validate & query about migrating without downtime RRS feed

  • Question

  • As mentioned here - (https://docs.microsoft.com/en-us/azure/cdn/cdn-custom-ssl?tabs=option-1-default-enable-https-with-a-cdn-managed-certificate#validate-the-domain) I tried to contact support after 24 hour who said I should rather post it here and they'll escalate the issue.
    If it'll take over 24 hours to validate CNAME mapping to CDN endpoint (doing this as a test to evaluate if we can migrate to Azure CDN from AWS Cloudfront) to enable HTTPS that might make us go down for a long time

    Would CDN Managed Certificate will enable HTTPS on custom domains even if 'cdnverify.cdn.example.com' CNAME is mapped to 'cdnverify.myazurecdn.azureedge.net'? Or 'cdn.example.com' CNAME should be mapped to 'myazurecdn.azureedge.net' is a hard requirement to pass this validation which takes more than a day just to validate a CNAME? 
    Tuesday, November 12, 2019 10:29 AM

Answers

  • Hi, 

    If the CNAME record entry contains the cdnverify subdomain, follow the rest of the instructions in this step.

    DigiCert sends a verification email to the following email addresses. Verify that you can approve directly from one of the following addresses:

    admin@<your-domain-name.com>
    administrator@<your-domain-name.com>
    webmaster@<your-domain-name.com>
    hostmaster@<your-domain-name.com>
    postmaster@<your-domain-name.com>

    If you haven't got any email to the above mentioned email. I will follow up with Verizon. 

    Please drop an email to azcommunity@microsoft.com with the below details:

    Customer Name and Contact Information
        • Name:
        • Email:
        • Phone:
        • Contact Preference: Phone / Email
    Language required if Translation Services are needed:
    Urgency: 
    Microsoft Azure Subscription ID:
    CDN Information
        • CDN Hostname (Ex. verizoncdn.azureedge.net)

    • Marked as answer by BitCipher Labs Friday, November 15, 2019 12:28 PM
    Friday, November 15, 2019 8:02 AM
    Moderator

All replies

  • Hi, 

    In some scenario, the validation takes more than a day. Can you please share me the below details via email to azcommunity@microsoft.com so that I can check from my end?

    Subscription ID:

    CDN Provider : 

    Endpoint name :

    Domain name :

    Regards, 

    Msrini

    Tuesday, November 12, 2019 11:22 AM
    Moderator
  • Thank you for early response, I emailed all the requested details but we also had to make a switch from Standard Microsoft to Standard Verizon because of cache settings limitations.
    Tuesday, November 12, 2019 1:42 PM
  • Could you please respond here with the solution if your issue was fixed 
    Wednesday, November 13, 2019 7:19 AM
  • Out of two domains, on one HTTPS certificate was enabled
    We are still waiting for our second domain after 24 hours & our query to be answered

    So far, very good and helpful response we're getting
    Thursday, November 14, 2019 7:30 AM
  • Just checked  and I still see PendingDomainControlValidationRequestApproval state. I would suggest you to wait for a day and if it doesn't work, please let me know.  I will then escalate to Verizon support. 

    Regards, 

    Msrini

    Thursday, November 14, 2019 7:41 AM
    Moderator
  • It still is in a pending state.

    gaia3.cruxpay.com HTTPS is enabled successfully

    Yes there is no CNAME record for gaia.cruxpay.com to azureedge.net because that’s a production URL and we can’t let our users land on it without a valid certificate that’s why I have cdnverify.gaia.cruxpay.com CNAME as cdnverify.cruxgaia.azureedge.net , if this would not be enough to pass the HTTPS certificate validation please suggest me a way to move to HTTPS enabled gaia.cruxpay.com without downtime.

    'cdn.example.com' CNAME should be mapped to 'myazurecdn.azureedge.net', is that a hard requirement to pass this pending validation?

    Hoping to get a response soon.

    Friday, November 15, 2019 7:40 AM
  • Hi, 

    If the CNAME record entry contains the cdnverify subdomain, follow the rest of the instructions in this step.

    DigiCert sends a verification email to the following email addresses. Verify that you can approve directly from one of the following addresses:

    admin@<your-domain-name.com>
    administrator@<your-domain-name.com>
    webmaster@<your-domain-name.com>
    hostmaster@<your-domain-name.com>
    postmaster@<your-domain-name.com>

    If you haven't got any email to the above mentioned email. I will follow up with Verizon. 

    Please drop an email to azcommunity@microsoft.com with the below details:

    Customer Name and Contact Information
        • Name:
        • Email:
        • Phone:
        • Contact Preference: Phone / Email
    Language required if Translation Services are needed:
    Urgency: 
    Microsoft Azure Subscription ID:
    CDN Information
        • CDN Hostname (Ex. verizoncdn.azureedge.net)

    • Marked as answer by BitCipher Labs Friday, November 15, 2019 12:28 PM
    Friday, November 15, 2019 8:02 AM
    Moderator
  • We haven't received DigiCert verification email on any of these addresses
    I sent the asked details to azcommunity@microsoft.com

    Hope to serve our users from Azure soon.
    Friday, November 15, 2019 8:46 AM